Cloudflare, Laravel, and TLS

Double check this setting to save yourself some trouble

Joel Clermont
Joel Clermont

I'm a fan of Laravel Forge. It's a super simple way to provision servers that work great for Laravel apps out of the box.

I also like using Cloudflare as a proxy in front of my sites. It is a nice protection against denial of service attacks and other malicious bots, plus it can reduce load on the application server.

But one challenge I've run into has to do with certificates. Laravel Forge makes it easy to provision a certificate, but Cloudflare also does TLS termination.

One key piece of configuration is to set the Full TLS option at Cloudflare. Otherwise, Cloudflare will try to communicate with your app over HTTP and Forge will redirect it to HTTPS, causing an endless redirect loop.

In Chrome, this shows up as the ERR_TOO_MANY_REDIRECTS error. Safari shows an error like "Safari cannot open the page because too many redirects occurred."

This is an easy fix, but hopefully this tip saves someone a few minutes of panic when trying to launch a new site without this configured properly.

Here to help,


P.S. Need some help debugging a pesky Laravel issue in production?

Toss a coin in the jar if you found this helpful.
Want a tip like this in your inbox every weekday? Sign up below 👇🏼

Level up your Laravel skills!

Each 2-minute email has real-world advice you can use.